iputils/iputils-CVE-2025-48964_regression.patch

From a41fbf36f331e1b0945c8e30581381e2f2fdff6e Mon Sep 17 00:00:00 2001
From: Cyril Hrubis <chrubis@suse.cz>
Date: Thu, 5 Jun 2025 15:39:00 +0200
Subject: [PATCH] ping: Fix regression in -c1

We change the rts->lingertime to be stored directly in us instead of ms
in order to simplify the overflow checks, however we missed two places
where the value was not properly converted.

The initialization of the lingertime has to be converted to us as well
since the MAXWAIT is in seconds it has to be multiplied by 1000000 now.

The check against the nores_interval has to be updated too since the
nores_interval is initialized from rts->interval that is stored in ms
and the oom_count is a counter, hence the product of the multiplication
is still in ms and the rts->lingertime has to be divided by 1000 in this
case to be converted back to ms.

Fixes: f7d1989 ("ping: Fix integer overflow in large -W value")
Fixes: https://github.com/iputils/iputils/issues/596
Closes: https://github.com/iputils/iputils/pull/597
Reported-by: Alberto Salvia Novella <es20490446e.wordpress.com>
Co-developed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Cyril Hrubis <chrubis@suse.cz>
---
ping/ping.c | 2 +-
ping/ping_common.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ping/ping.c b/ping/ping.c
index 63b943e0..1e976a90 100644
--- a/ping/ping.c
+++ b/ping/ping.c
@@ -335,7 +335,7 @@ main(int argc, char **argv)
static struct ping_rts rts = {
.interval = 1000,
.preload = 1,
- .lingertime = MAXWAIT * 1000,
+ .lingertime = MAXWAIT * 1000000,
.confirm_flag = MSG_CONFIRM,
.tmin = LONG_MAX,
.pipesize = -1,
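Review bot: the unit of .lingertime is now carried only by the bare literal 1000000 in the initializer, directly below .interval = 1000, which the commit message says stays in ms. Two adjacent time fields in different units with no comment is how the two conversions were missed in the first place. Please add a short comment on this line stating that lingertime is in microseconds, or replace the literal with a named microseconds-per-second constant so the conversion is self-describing. It is also worth confirming that MAXWAIT * 1000000 fits the type of the multiplication for the defined value of MAXWAIT, since neither the macro value nor the field type is visible in this hunk.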
diff --git a/ping/ping_common.c b/ping/ping_common.c
index fad52280..9a0c1248 100644
--- a/ping/ping_common.c
+++ b/ping/ping_common.c
@@ -389,7 +389,7 @@ int pinger(struct ping_rts *rts, ping_func_set_st *fset, socket_st *sock)
if (nores_interval > 500)
nores_interval = 500;
oom_count++;
- if ((uint32_t)(oom_count * nores_interval) < rts->lingertime)
+ if ((uint32_t)(oom_count * nores_interval) < rts->lingertime/1000)
return nores_interval;
i = 0;
/* Fall to hard error. It is to avoid complete deadlock
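Review bot: the comparison on the changed line converts units inline with rts->lingertime/1000 and nothing says that the left side is in ms and the field is in us. A one-line comment above the if, or a local such as a linger_ms variable computed once, would make the unit handling reviewable. The integer division also truncates, so any lingertime below 1000 becomes 0 and this branch can never return nores_interval; please confirm that is the intended behaviour for very small linger values. Separately, the (uint32_t) cast is applied after oom_count * nores_interval has been computed, so it does not protect the multiplication itself, and the result is then compared against an expression whose type is not visible here; a note on the expected types would help. Minor style point: put spaces around the division operator, as in rts->lingertime / 1000.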